Whenever crypto bros throw the term “Not your keys, not your coins” that’s usually the end of the conversation. They never go into detail about the specifics of how to store your keys, or how to structure your wallets.
It’s just always kind of assumed that you already know it because it’s obvious (it absolutely isn’t). Or, frankly, it might be that the person trying to scare you into self-custody doesn’t know how to organize their wallets either; or they might just have a vested interest in you performing an action (like delegating to their pool) and they don’t majorly care what happens afterwards.
In this article, we’ll talk about how to best organize your wallets to maximize security and not accidentally lose them. If you are still looking to understand the basics of seed phrases and self-custody though, please check this article.
How to store Seed Phrases
The quickest, and perhaps dumbest, way of storing seed phrases is digitally. This means everything from taking a screenshot or writing it in a text file. If someone ever were to gain access to your accounts, computer, or the documents therein, it would be trivially easy to go through all your files to find a seed phrase, especially as the 2048 possible words in them are known, and image to text AI is getting quite sophisticated.
Furthermore, there’s also the possibility that your computer breaks, or you lose access to the accounts where your seed phrase is stored. Just take a look at any cryptocurrency forum and you’ll read a lot of horror stories.
The next option is to write it with pen and paper. This is old school and considerably better. But there are some things worth considering here as well. Firstly is to focus on writing things LEGIBLY and with ink that doesn’t smudge.
Produce two copies at least, store them in different places, and bear in mind that it is paper. So it can easily be destroyed by dampness, mould, fire, or just plain misplaced. Some people go the extra mile and carve their seed phrase into strong metals that don’t rust. There are even some companies that sell these metals slabs with a chisel, specifically for seed phrases.
Be that as it may, store whichever means you end up picking in a safe place. If you want to go the extra paranoid route, you can separate half of the seed phrase into another document.
The key problem with this, which you’ll see if you surf around Reddit, is that some people end up losing half their seed phrase. But it does mean that you can give half your key to someone you trust without fearing an immediate betrayal. For instance, at least as of a few years ago, Vitalik used to carry around half of his seed phrase, while keeping the other half at a family member’s home.
Do keep in mind that people can be shit, so don’t put yourself into positions where you’re placing an increasing monetary bounty on whether someone likes you.
That said, whether you decide to separate your seed phrase or not, and while it does increase the risk of someone else using your keys, I would recommend that a security backup duplicate is stored somewhere safe but in a completely different area.
Remember, when it comes to self-storage you are your worst enemy. Most of the difficulties present in self-custody can be found when you look in a mirror. By the same token, all the good practices are designed to work around one’s idiocy.
It’s much easier to plan for outside threats than to take one’s shortcomings into account.
For example, if you want to be really paranoid about it, you can also have a computer running Linux whose sole purpose is to be used for crypto transactions. That way you can vastly reduce the chances that your computer gets infected with a keylogger.
Though again it must be said, the likeliest means by which you are to be attacked is by social engineering, where people trick you into performing an action that benefits the scammer but harms you. So it pays to be paranoid and not put your eggs in one basket.
NEVER PUT YOURSELF INTO A POSITION WHERE A SINGLE MISTAKE COULD COST YOU YOUR NET WORTH.
This is why it’s recommended to have multiple wallets with different purposes. That way, if one wallet gets compromised, at least they don’t get the whole bag.
How to structure your wallets
I’m of the opinion that wallets should be treated a bit like folders on a computer. If you own NFTs, use DeFi, receive funds from people, etc. these should all be different wallets. Not only does this simplify your life when tax season comes, as it’s all ordered and separated, but it also diversifies your holdings.
If someone wants to steal your funds, make their lives difficult. Have dozens of wallets, and if a wallet starts representing a sizable percentage of your crypto holdings, separate that too. Don’t worry, you don’t need to have dozens of seed phrases, these can all be combined via a hardware wallet, which we’ll get to later in this article.
For now, let’s also make a distinction between Hot & Cold Wallets:
Hot Wallet: These are wallets that are easy to use and access, and are always ready to perform a transaction. These are typically web, mobile or desktop-based, and store your seed phrase within them so that you can quickly perform a transaction. These are dangerous as they’re the likeliest to be compromised in the event of a hacker attack.
While the seed phrase is stored within them, there may be other security measures built-in. For example, it may ask for you to set a “spending password” which you utilize to authorize transactions. However, these passwords are stored locally and would not stop someone from stealing your funds if they were to gain access to your seed phrase.
Unfortunately, most of Cardano DeFi presently only allows for Hot Wallets to interact with their apps. While this is a problem that will be solved in time, it is something to consider at the moment. If you plan on interacting with Cardano Apps in the near future, have a hot wallet where you only keep a small amount of funds.
Furthermore, having an active Hot Wallet doesn’t stop you from needing to safely store your seed phrases offline. Otherwise, you might have a technical problem with your device, or forget your spending password, and completely lose access to your funds forever.
Cold Wallet: The typical definition for these is “a crypto wallet not connected to the internet” but that’s a bit of a poor definition. You can’t take coins off the internet, so they’re always online. What you are instead doing, is storing the seed phrase offline, which will then be used to sign transactions.
This is a bit of a broad category, but these wallets come in many shapes and sizes, such as paper wallets, USB sticks and hardware wallets.
It bears saying though unless you are using a hardware wallet, which is a device designed to sign transactions but never disclose the seed phrase, you should consider that it’s no longer a cold wallet.
A cold wallet becomes a hot wallet upon use, but a hot wallet can’t become a cold wallet upon disuse, as there’s no guarantee that someone didn’t gain access to your seed phrase and is biding their time. Most of your funds should be in Cold Wallets.
As you can see, paranoia is the name of the game. Nobody forces you to engage with any of these levels of complexity. You could just have a post-it note by your computer with your seed phrase. It would work, and chances are you’d be fine, assuming nobody else lives in the house, you don’t give the seed phrase to anyone or click any dodgy links.
By taking self-custody, you are your own bank. You must decide the level of risk that is appropriate to you. But if I may offer a suggestion: GET A HARDWARE WALLET.
A Note on Hardware Wallets
As we implied before, Hardware Wallets are devices designed to keep your seed phrase inside of a mini-computer so dumb that it becomes virtually unhackable. It has no ability to connect to the internet, except for the link that your computer provides it when it connects via USB (do not get a Bluetooth one, as while the same general principle should apply, I’m way too paranoid).
It’s worth clearing up a misconception though, it DOES NOT take coins out of the blockchain, it’s not only impossible to do that at the protocol level, but the device itself wouldn’t have the ability to do so, even if you could.
The term “Hardware wallet” is a bit misleading. It’s basically a fancy USB stick with security features, and can only store a sentence-worth of information beyond the rudimentary software it runs.
In other words, what this device does is take your seed phrase and store it in a way that it’s safe from prying eyes. Even if your computer were swarming with viruses, and you had your hardware wallet connected to it, the viruses wouldn’t be able to do anything. It’d be like trying to hack a toaster, it’s simply incapable of such complexity. (Side note, WHY THE FUCK are people getting smart toasters? Your toaster doesn’t need internet connectivity.)
**If you’re reading this on CardanoFeed, just know they’re thieves. They scrape content from websites that actually pay people to produce stuff, and post it on their site as if it’s their own. Apologies for the interruption, just thought you should know they’re scamming the community. **
The device is mainly designed to store 15-24 words, as well as create a signature that the blockchain can use to verify that transactions are authorized. As such, it’s a means of actively using your seed phrase but without most of the inherent risks.
It also has cool security features, such as needing to input a PIN to gain access to the device. And if the PIN is put in erroneously a dozen times in a row, the memory wipes itself clean. So you’re not in any real danger even if someone were to steal the device from you.
Many of the devices also allow you to have “hidden wallets”. What these do is to add an extra self-selected word in your original seed phrase, which gets treated as an entirely different wallet at a protocol level, despite sharing most of the seed phrase words in common.
Because of this feature, a single seed phrase can technically gain an infinite number of extra possible wallets, and they’re not associated with each other on a protocol level. So, assuming there’s no paper trail connecting them with each other, these are wallets whose existence nobody knows about, yet you can have access to them with a single device, and a single seed phrase.
However, it’s necessary to stress that if someone were to gain access to your keys, at least the default, non-hidden wallet in your device is still at great risk. The Hardware Wallet is not a replacement for storing your seed phrase somewhere safe, it just means that you can use your funds with less risk on a day to day basis.
The hardware wallet will ask you to sign every transaction with your express authorization. This means that once again, you are your worst enemy.
A Note on Browser-based Wallets
A browser-based wallet, otherwise known as a “light wallet” is typically an extension installed on a browser. It’s the means by which the vast majority of people in crypto operate, given that the alternative involves running a full-node wallet. In practice, what this would mean, is running a full server copy of the blockchain on your computer solely to perform transactions.
Obviously, this is infeasible for the vast majority of people, due to a lack of technical knowledge, lack of resources or plain laziness. As such, light wallets are the preferred alternative, where some centralized entity has taken over the responsibility of running a node on the network, and you can interact with them through their customized graphical interface.
In other words, you use their graphical interface to tell them what to do with the levels of authority that you grant them.
Yoroi is the official Cardano wallet, it’s operated by Emurgo, one of the founding entities of the network. Since it’s the default option, most Cardano users have used it in some capacity. That said, it’s so slow and antiquated that people typically flee from it as soon as they have the chance.
Depending on how you look at it, Cardano is either blessed or cursed with a variety of browser-based wallets. There isn’t a light wallet monopoly, where a single entity controls most of the people’s transactions, unlike in Ethereum where that role is controlled by the Metamask browser-based wallet.
Every wallet has slightly different abilities and different priorities. However, due to the fact that they’re a fairly recent addition to the scene, most of them are neither open-source nor audited.
This means you have to take it on faith that these entities/individuals haven’t embedded something in the code that can harm you. Now, the argument has been made that most of these projects stand to lose more from losing their reputation than they stand to gain from stealing your funds.
I’m frankly sceptical of that claim, and thus I don’t advise people to play in any wallet that isn’t open-source and/or been audited. While the same argument is used for CEXes, there’s a major difference between a corporation worth billions of dollars and with hundreds of millions of dollars in revenue, than a random developer with a pseudonymous Twitter account. I’m sure they’re lovely people, but I stay away from their wallets until I know they’ve been vetted by third parties.
So for the most part, that just leaves you with the official ones like Yoroi and the Hardware Wallet ones. They don’t have many features, and they’re not as polished as others, but they are quite good at keeping your mind at ease, which is what really counts when you get down to it.
As we’ve alluded to before in other articles, you are your own worst enemy when it comes to self-custody. Unless you’re famous, you’re unlikely to start getting singled out for attacks. It’s not to say it doesn’t happen, but how you carry yourself certainly plays a major role.
So be discrete with your crypto predilections and spending habits.
Other than that, nothing mentioned in this article is obligatory. These are mainly tips built on my own security preferences, and I hesitated on saying the more paranoid ones like having a Linux computer specifically to interact with DeFi and nothing else.
In other words, it’s up to you how much or how little to take from this article. But if I were to give you two tips that I consider essential:
- Make duplicates of your seed phrases, and store them somewhere where they’re unlikely to ever be put in their proper context, like your grandma’s house. That way you’ll never fully be locked out of your funds, but you don’t have to be overly paranoid about someone you’ve trusted betraying you. You can also separate the seed phrase into multiple locations, though be careful with that. Some people also rent safety deposit boxes, though this can get expensive.
- A hardware wallet as a final safety net so you never have to input your seed phrase on a device that is connected to the web, or compromised by viruses.
It’s useful to read what other people are doing, but then it’s up to you to decide how to implement it. Otherwise, it’s like reading the dietary and athletic recommendations of an Olympian.
You’re not an Olympian, so following their advice to the very letter might actually make you get fat, or injured. You have unique circumstances, so it’s certainly worth experimenting with suggestions other people have.
But much like a diet, the best security plan is one that you’ll actually stick to over the long run.
If you’re in the crypto or in the traditional finance industry looking for someone to ghostwrite content for you or consult regarding your content strategy, please do not hesitate to message me. I’m a full-time content producer.
Join the community over at @flantoshi on Twitter.
And if you would like to support this project and help me pay rent, I’ll pass on the tip hat and you can send ADA to:
- ADA wallet address: addr1qxfgs44d763uuw4hy6qatx383v9mmrrm6qazay6eren9sp5r2usruecwv33lp2t2nqp4ss6hrc9ac8yd2klxnsfnxz2qw3su4s
- Adahandle — $flantoshi
Thank you for your support!